IETF Logo Mail Archive

Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)

"Gould, James" <jgould@verisign.com> Fri, 20 April 2018 14:06 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E160127136 for <regext@ietfa.amsl.com>; Fri, 20 Apr 2018 07:06:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRZ6UEC9HRBi for <regext@ietfa.amsl.com>; Fri, 20 Apr 2018 07:06:18 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29AED127023 for <regext@ietf.org>; Fri, 20 Apr 2018 07:06:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=20938; q=dns/txt; s=VRSN; t=1524233178; h=from:to:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=84gHKngU9jJVKTBtc5J7GbM+rT2i0ed9Eja6lqXql+k=; b=GoHGWK8Gdu7Z4kfdkU8quYMTlNhdVbtYSykBvBO51Cs7GC5SOuv5ST6x qJJeBZcUVNK7meQG9gM/QALpzcr7L/p6jA3u/o87NGtVpM5I3llo6lv7f 5TgR70VYF4W5ecBaDsMwDWj6oJBkLKvorQwzjw11uddB2ZP5mv8ARPq/p ThHXXyuQCI+vG4QOMNWD3Ews9xN4//2tVlz9rD/x6fYdEGfMd6f0vF9Rf VgLqHG8wvvk8fkH5sl4kS2cdJBk0mONxZPaUiy4DO/zrMRhNy/Hcsmkf5 eoPH0JWP1Q3hccT12zBQVDYma0TIuQ1/CveDyep+JQf2j4YropNypJTtJ Q==;
X-IronPort-AV: E=Sophos;i="5.49,301,1520899200"; d="scan'208";a="4435604"
IronPort-PHdr: 9a23:2dxLVhfcDP3De2yOauX0muielGMj4u6mDksu8pMizoh2WeGdxc26bR2N2/xhgRfzUJnB7Loc0qyK6/umATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfb1/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNgHR2ROQ9xRWjRBDI2icoUPE+QPM+VWr4b/qVQOrAexCwajC+701j9HnXr20bEm3+k7EwzL2hErEdIUsHTTqdX4LKkeX+GyzKnVyTXMcuta0ir55ofSdxAuv+qMUbxtesfWy0kvGATFjkiUqYP4JD6VyPoCs3Ka7+p7VOKvhGgnpxttrTiow8chk4/EjZ8bxFDD8CV22oc1JdugRU5lf9GkCppQtzqbN4t5RMMiQmdotzogxrIavp67eTAGyJIgxx7aavyHdZaH4g75WOaWOzd4i2hpeK+8hxqq90igy/HzWtOu31ZWtiZFk8fDtmwD1xDJ7ciHUPR98l+81jaI0gDc8OBEIUYtmarBNZEhzb8wloEPsUTZHi76gkP2jKuOekU4/uin9v3rba7hpp6TLYN7kB3+Prw0lcyxB+Q4MxQBU3KV+eSmzLHj/Ff2QLNQgfEslanZqp/aKMIGraC6Gw9Yypsv5wqlAzu70tkVk2MLIE9FdR+JlYTlJV7DLfDgAfuin1igiipnyvLIM7H7H5nALnbOnK3ucLt57UNX1RA9wspF551OD7EMOPfzWkjsu9PGFhI5KAm0w/r/CNV6y4MeRXqDAq+HP6PWtl+F/vkgI/OKZIMIvDb8JP0l6OTvjX89nl8dYLWp0YcJZHyiAPRpPV+ZYXv3gtcAHmcKuBAyQ/DtiF2HSTJTZnCyULwg5jwjFY6qEZ3PSp2vjbGPxiu3A51ba25cBlySHnrld52IW/IWZyKTJs9hnCYEVb+kS4I51xGuuwj6y6djLuXJ4SAYq4zs1MJ05+3IlBEy+jp0A96B3GGKSmF4hnkISCMu3KBjvUx9zU+O0bJmjPxXC9NS6O9JXxw7NZHC0+x6Bcr+WgXbfteGUFymWMmpASktTtItxN8De159G9C5gx/e2CqqH6Ual7qWC5Mo9aLQxWT+J8F4yyWO6K50t1A6WMpENiWDi7Bt+gubU5bMu0mei6+sea8bmiXK8THHhSCUsU5VQBJYUKjZUzYYfESc5YDj60zPX6OGCLk7PE1G08HUeYVQbdi8x3pBWfPvfJz8ame8gC34URSHwa6IYKL0dn8cxyTSDg4PlAVFriXODhQ3Gir0+zGWNzdpD1+6Jhq0qeQ=
X-IPAS-Result: A2GmAQBx89la//WZrQpZAgEdAQEFAQsBgxMEgQyBIgqDYIgCjkkhEX55kX8UgSkXFg4LGAsIg3hGAhqCTTQYAQIBAQEBAQECAQECgQQMgjUkAQ4vHCEIAQUBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCCAUCHxARAQEBGAEBAQECAQEBDBURMQkbAgEIDQEKAgISAQICCAcCAgIlCxUQAgQBCQkZAoRqF6ZVghyIP4IpgQmIUj6BMgyBXX+DEQEBgS0BEgEJFgwLCiYBARQBgiIwgiQCjAaLawMFAoVZhSeFLIpfiTICg32CUQIECwITAYElHIEacXAVOyoBghgJghcXEWkBAQF/gUmBPoMyJIJmglhvAQwjjHMNHoEBgRgBAQ
Received: from brn1wnexcas02.vcorp.ad.vrsn.com (brn1wnexcas02 [10.173.152.206]) by brn1lxmailout02.verisign.com (8.13.8/8.13.8) with ESMTP id w3KE6DhU006194 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 20 Apr 2018 10:06:13 -0400
Received: from BRN1WNEXMBX02.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas02.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Fri, 20 Apr 2018 10:06:13 -0400
From: "Gould, James" <jgould@verisign.com>
To: Patrick Mevzek <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
Thread-Index: AQHT2GyqWgxn1kxvFUCsqqDf7M9PhKQJsJ+A
Date: Fri, 20 Apr 2018 14:06:11 +0000
Message-ID: <83479150-4E98-452F-B27B-BD286AA18C1B@verisign.com>
References: <3266784A-E663-4465-8ABF-A3305B83C253@verisign.com> <e7916b75-1555-14e3-43bc-644059cd68f0@switch.ch> <605AC23F-D7B3-4A37-876E-45EC8E6BEEB8@verisign.com> <84309e91-dbe9-8865-fd06-528266aa93e7@switch.ch> <FAFB62AE-C0D1-4D74-888C-00C632D73211@verisign.com> <1522912361.3587146.1327243736.6AB5A07D@webmail.messagingengine.com> <58605AC6-A8B3-4428-A71E-580E6BC01EFF@verisign.com> <1524032366.3941888.1341940112.7D43F230@webmail.messagingengine.com> <BEC1040F-25C7-4F52-BB94-1F55BFA4C1C7@verisign.com> <1524203922.4022062.1344535160.39F0C10F@webmail.messagingengine.com>
In-Reply-To: <1524203922.4022062.1344535160.39F0C10F@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.c.0.180410
x-originating-ip: [10.173.153.49]
Content-Type: text/plain; charset="utf-8"
Content-ID: <FBF65766D00FF74981274461D736C9D8@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/_b5Xfekd_jKksr2cAqNEFDav47M>
Subject: Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2018 14:06:21 -0000

Patrick,

Thank you for the detailed description of your reasoning.  I will leave it that we disagree on the purpose of the login services, the need for the server to honor the login services for poll messaging, and the impacts in returning unsupported responses or response extensions to clients.  On the impact, there are two elements to consider including first the XML parser in validating a response against the XML schemas, and second is the unmarshalling of the XML to a representative object.  A client could disable the XML parser validation and move along to the unmarshalling step.  In the unmarshalling step the client would need to deal with receipt of unsupported content.  The client could throw an exception because the XML (e.g., DOM tree) could not be unmarshalled, ignore the unsupported content, or come up with some other representation of the unsupported content (e.g., convert to list of XML blobs or DOM objects).  A client would need to proactively deal with the unexpected if the server does not honor the login services of the client.  With the inclusion of the greeting and login services, it seems clear to me that the intention of the protocol is not to have the clients deal with the unexpected.  

Since this is not a problem unique to draft-ietf-regext-change-poll, I agree that it's best suited to be addressed in a separate Internet Draft that addresses service-aware EPP poll messaging.  Is there interest in such a draft by the working group?  

Thanks,
  
—
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/> 
On 4/20/18, 1:58 AM, "regext on behalf of Patrick Mevzek" <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote:

    On Wed, Apr 18, 2018, at 15:43, Gould, James wrote:
    > This particular thread was started Martin Casanova, who brings up an 
    > excellent point that needs to be considered.  Martin, you may want to 
    > weigh on this.
    
    You can probably admit that, based on the amount of time the problem exists (basically since registries started to use EPP), and the number since then on mailing-lists about this problem, that it is not an hot topic.
    That does not mean it can not be addressed, but it may mean that registries/registrars already found out solutions to this.
    
    > I have the following questions and related thoughts:
    > 
    > 
    >   1.  Do you believe that it is protocol compliant for the server to 
    > return something that the client did not explicitly include in the login 
    > services?
    
    It is certainly not ideal, but not a big problem either (in this specific case for the specific reasons I gave and will give below), and certainly to my eyes less a problem than putting format into a <msg> element that is defined for human consumption (even more so when you mix both text and XML elements in the same <msg> element, which is a peril waiting to happen)
    
    >   2.  What is the purpose of the server’s greeting services and the 
    > client’s login services?
    >      *   I believe that the server and client services are used to 
    > negotiate the common set of supporting services.  The client should not 
    > pass services that the server does not support and vice-versa.
    
    It is not a full negotiation since there is only one exchange and only a binary result possible (accepting the login or not).
    
    Text says:
    "A <svcs> element that contains one or more <objURI> elements that
          contain namespace URIs representing the objects to be managed
          during the session."
    
    Note that it says objects, not messages or commands.
    For me it is more tailored to let the client advertise which objects he wants to manipulate at the registry, that is which namespaces will appear in its commands.
    Imagine a registry handling both domain names and let's say AS number or IP blocks, within the same EPP server.
    Upon login, some clients may have rights to only manage domains or only manage AS numbers. So they advertise what they would like to do, based on server greeting. And then the server can act on that.
    
    For me the <svcs> definition in RFC5730 does not restrict the notifications messages namespaces. So I think from this disagreement, we go then on separate ways.
    
    >   3.  What do you do with validating clients?
    >      *   The Verisign EPP SDK is one implementation of a validating 
    > client, but there can be others.  A validating client would either need 
    > to be updated to support the extension or turn off validation and be 
    > capable of processing a message that it doesn’t support.  If the 
    > protocol is followed, there should be no issue with validating the XML 
    > per the supported XML schemas in either the server or the client based 
    > on #2.
    
    Again, the validating client can recognize it can not validate the notification message (if it does it synchronously which you suppose and for which I already said that there are ways to do it differently), and just dump it aside for further/later processing and before being updated if you insist on in-session immediate validation.
    
    I think you are missing some use cases. Let me share things I have seen in various places.
    
    First, from my experience, many registries (I can not give precise numbers I would say in the ballpark of 1 among 2) define their own namespace extension for notification messages, with more or less format.
    I doubt that a validating client such as Verisign EPP SDK would work great in this case if it wants to be used for many ccTLDs especially and validate all notifications messages. It just does not fit what is happening.
    Note that you do not have this problem in gTLDs where far less extensions are used.
    
    Of course it would be so much simpler if they were not so many extensions doing the same things, but the situation is like it is for now and I doubt this will change soon, or anytime in fact.
    
    Another important point: I know multiple EPP clients (mine included for part of the following, but I know others too) that exhibit, on purpose, one or more of the following traits:
    
    1) not validating incoming EPP messages and even more often not validating outgoing ones.
    Why? Because when you try to support many registries you tend to observe that not all registries are strictly conforming to their own EPP schemas; so it happens that you get as client some EPP messages that do not validate at all, even if given  by the registry. Of course you will say that this is the server fault and that it should be fixed (or the schema amended) and it is of course the true technical explanation but then when you have to conduct your business you can not wait on the registry to be fixed, your client should not be halted by some bogus format, it should find workarounds.
    
    Note that it also happened for core schema. I know one registry particularly that re-used the <domain:reason> element in a <domain:check> command for more that it was designed to (which also illustrates the peril of shoehorning a formatted structure inside a free text element), and just forgetting that its schema forces it to be less 32 characters or less... and some messages did have a reason larger than that. Some registrars were not happy about that when they started to receive such messages...
    
    So how a validating client is supposed to handle that? Just refuse the message and make it impossible to do any domain:check?
    Again, certainly possible technically, but not realistic business-wise.
    
    One could also paste here the Postel law, or its half: be liberal in what you accept
    (which breaks horribly when applied in security contexts but that is another story).
    
    2) not processing notifications at all in-session, just acking all messages immediately, after having stored them locally in a DB or something which will get consumed by some asynchronous processes.
    To me this looks very efficient and solve multiple problems at once. Including the validation problem or even for message 100% validated the problem of parsing them.
    Take for example the transfer case and registries sending notifications about transfers being started, refused, accepted, etc.
    Not all of them, again specifically in ccTLDs, are using the standard panData element. Many of them are putting all the information (domain name, status of transfer, other registrar ID, etc...) as free text in the <msg> part of the notification. You have to parse that. You can not build a client that will have this knowledge even before connecting to the EPP server for the simple reason that often there is not even a comprehensive documentation from the registry with all the messages. So you will have to pick them up during your life. You either try to parse them immediately, or you store them for later. If you want to validate and parse them immediately what will you do for all unknown cases? Just throwing a fatal exception will again not help the registrar to do its business.
    
    So I applaud the Verisign SDK to be strict and to stick to the technical rules and do validation always, I just do not think it could be used as is to connect to many ccTLDs registries because you will then be hit by many new namespaces, specific to one registry, that are not necessarily fully documented nor always respected by the registry itself.
    
    To put things in perspective, extracted from my client, here are some namespaces related to registry notification messages a client can receive:
    
    http://www.afnic.fr/xml/epp/frnic-1.4
    http://rxsd.domain-registry.nl/sidn-ext-epp-1.0
    http://tld-box.at/xmlns/resdata-1.1
    http://www.nic.at/xsd/at-ext-message-1.0
    http://www.nominet.org.uk/epp/xml/std-notifications-1.2
    urn:afilias:params:xml:ns:oxrs-1.1
    urn:ietf:params:xml:ns:changePoll-1.0
    urn:ietf:params:xml:ns:cira-1.0
    urn:ietf:params:xml:ns:extreport-1.0
    urn:ietf:params:xml:ns:poll-1.0
    
    and this is certainly not exhaustive...
    
    How many open or closed EPP clients do you know that are capable of both parsing all these extensions and validating them (putting aside the problem of receiving an EPP frame not even respecting the schema associated to the namespace)? I bet you can count them on one hand...
    
    > You are correct that there are a set of existing EPP extensions that do 
    > include poll messages (e.g., RGP Poll Mapping, Low Balance Mapping, 
    > Launch Phase Extension, and object mappings that support transfer poll 
    > messages like Email Forwarding and Defensive Registration).  This is 
    > based on the extensions registered in the EPP Extension Registry 
    > (https://www.iana.org/assignments/epp-extensions/epp-extensions.xhtml).  
    
    There are unfortunately a very small percentage of all extensions that exist...
    Current version of my client knows about 145 different EPP namespaces...
    And I am willing to bet that there are in fact more than 200 in the wild.
    
    As written above, I have no idea how to do an EPP client capable of
    validating all of them.
    
    > With the exception of the RGP Poll Mapping and the Low Balance Mapping, 
    > the poll messages are associated with actions that the client previously 
    > took, so it’s reasonable to assume that the client supports it.
    
    This assumptions fail completely for all the cases outlined above, specially
    in ccTLDs.
    There are many other exceptions in the wild besides the two you list.
    
    One example: the registry notifing the registrar that it just deleted one of its contact or host because it became unlinked and obsolete after some policy delay...
    
    > Since it looks like Patrick and I are most likely at an impasse, I ask 
    > the list to weigh in on the two options that include:
    
    I disagree. We are not at an impasse. You see a problem and wish to resolve it by some solution. If you are motivated to defend it, write a draft and let the WG consensus build itself on it, if it reaches other interests.
    I am certainly not here to say not to do it.
    
    I have no counter proposal to yours since my solution is basically "do nothing", as the status quo, while not perfect, seems good enough to me or at least best than the solution we speak here about. But of course it would help if registrars specially come and share their experiences and "wishlist".
    
    So, feel free to go forward with a draft if you like. 
    
    >   2.  Server considers the login services and filters non-supported 
    > extensions (object and command / response) from the poll message 
    > response with an encoded <msgQ><msg> indicating the extension namepaces 
    > not supported.  
    
    This also raises an another important problem, partially depending on policy.
    Let us imagine the registry starts some new notification messages under a new namespace (or, less radical: just changes some namespace version).
    At the exact moment this happens all currently logged in clients, as well as all future clients not having been updated will know nothing about this namespace hence, per your proposal, the server will filter out these messages.
    
    Where will these messages go? If they are lost for good it is bad as the registrar will have no way to know that (except parsing in a new way the msg element, which involves updates), at all. Even maybe no way to know it needs to be updated (whereas if it started to receive new messages it would just see the new namespace and could act or error on it, but at least decide itself what it wants to do). Maybe the client will just get updated hours or days later, but even in any tiny timeframe some messages may come like that and be lost forever... (the registrar can not necessarily wait on the first of such message by not acknowledging it until it gets updated, because this will block it from retrieveing the following ones, that may contain even more important information for its business). I think this is taxing registrars too much.
    
    You suppose also that the registrars will get updated to parse the new <msg> format: this is an assumption that can break.
    
    Filtering messages at the server side seems creating more problems than solutions to me.
    This is tied to the problem of sitting messages not being acknowledged by the registrar. Some registries are then sending them by email for example after a certain delay to be able to purge the queues.
    I know others where there is no purge and you can find messages almost 10 years old...
    (the usefulness of such messages now is seriously debattable...)
    But at least not just filtering some out and making them disappear definitively.
    
    -- 
      Patrick Mevzek
      pm@dotandco.com
    
    _______________________________________________
    regext mailing list
    regext@ietf.org
    https://www.ietf.org/mailman/listinfo/regext

v2.23.0 | Report a Bug | By Email